Diffstat (limited to 'meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch')
-rw-r--r-- | meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch | 35 |
1 files changed, 35 insertions, 0 deletions
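diff --git a/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch b/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch
new file mode 100644
index 000000000..47454dc8a
--- /dev/null
+++ b/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch
@@ -0,0 +1,35 @@
+Fix memory leaks. Taken from the Fedora packaging (https://src.fedoraproject.org/rpms/yajl)
+where it was backported from openEuler.
+
+CVE: CVE-2023-33460
+Upstream-Status: Submitted [https://github.com/lloyd/yajl/issues/250]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+diff --git a/src/yajl_tree.c b/src/yajl_tree.c
+index 3d357a3..56c7012 100644
+--- a/src/yajl_tree.c
++++ b/src/yajl_tree.c
+@@ -143,7 +143,7 @@ static yajl_val context_pop(context_t *ctx)
+ctx->stack = stack->next;
+
+v = stack->value;
+-
++ free (stack->key);
+free (stack);
+
+return (v);
+@@ -444,7 +444,14 @@ yajl_val yajl_tree_parse (const char *input,
+snprintf(error_buffer, error_buffer_size, "%s", internal_err_str);
+YA_FREE(&(handle->alloc), internal_err_str);
+}
++ while(ctx.stack != NULL) {
++ yajl_val v = context_pop(&ctx);
++ yajl_tree_free(v);
++ }
+yajl_free (handle);
++ //If the requested memory is not released in time, it will cause memory leakage
++ if(ctx.root)
++ yajl_tree_free(ctx.root);
+return NULL;
+}
+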
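Review bot: The two new cleanup paths depend on ownership invariants that the patch never states: `free (stack->key)` in context_pop is only safe if the key pointer is cleared once it has been handed to the parent object, and `yajl_tree_free(ctx.root)` in the yajl_tree_parse error path is only safe if root never aliases a value still sitting on ctx.stack. Neither invariant is visible in these hunks (both functions continue outside them), so it is worth confirming against the rest of yajl_tree.c, and by running truncated and malformed documents under ASan or valgrind, that the leak fix cannot turn into a double free. The added comment is too vague to help a maintainer; I would replace it with `/* parse failed: release any completed root value; partially built containers were freed from ctx.stack above */`. The Upstream-Status is only Submitted, so the recipe should be revisited if upstream lands a different fix.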